Health Care Industry Encouraged to be Extra Vigilant This Weekend

Cyber Threat Could Be Imminent

OnFocus – Multiple federal agencies issued a public cybersecurity advisory yesterday about an imminent ransomware attack against the healthcare and public health sector this weekend.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have credible information suggesting an Eastern European threat group plans to launch a widespread Ryuk ransomware attack.

“It’s definitely concerning when we hear about things like this, but we try to use it as an educational opportunity,” said David Murphy, VP of Finance & Risk at Marshfield Medical Center Credit Union (MMCCU). “With health care being our field of membership and being in the financial industry, we do what we can to educate our members about risks like this. We encourage anyone with questions to reach out to us.”

CISA, the FBI, and HHS have recommended that hospitals and healthcare systems implement the following measures as soon as possible:

• Establish and practice out of band, non VoIP, communications
• Rehearse IT lockdown protocol and process, including practicing backups
• Ensure backup of medical records, including electronic records, and have a 321-backup
• strategy – have hard copy or remote backup or both
• Expedite patching response plan within 24 hours
• Prepare to maintain continuity of operations if attacked
• Review plans within the next 24 hours should you be hit
• Check that your anti-virus and endpoint detection and response (EDR) are running; a stopped state may indicate compromise
• Power down IT where not used
• Consider limiting use of personal email
• Be prepared to reroute patients
• Ensure proper staffing for continuity
• Know how to contact federal authorities when phones are down, or email has been wiped
• Consider limiting/powering down non-essential internet facing IT services
• Limit personal email services
• Be prepared to re-route patients if patient care is disrupted due to IT outage
• Ensure sufficient staffing to maintain continuity of operations with disrupted IT networks
• Report all potentially related cyber incidents to the FBI 24/7 CyberWatch Command Center at 855-292-3937

MMCCU also offers tips for anyone accessing financial information online. Read more here.

For more information, please visit this link. Murphy can be reached at 715-387-8686.

We welcome your stories! Contact us at [email protected]!